Communication sessions between peer computing devices can be secured and mutually authenticated by establishing and maintaining security information related to the peer device in the session. The peer devices may use Internet Key Exchange version 2 (IKEv2) as one protocol to perform mutual authentication. Each peer device establishes and saves a Security Association (SA) based on the IKEv2 exchange. Separate security associations may be used for the IKEv2 exchange and Internet Protocol Security (IPsec) encapsulated messages (e.g., Encapsulating Security Payload (ESP)) messages that are sent between the peer devices. Typically, each SA is associated with the network address (e.g., IP address/port) of the peer device, and any change in the network address of the messages in the secure communication session may cause the IPsec and/or IKEv2 connections to be torn down. For instance, the connections may be torn down if IPSec endpoints have a Network Address Translation (NAT) service in between the endpoints, and the mobility and multi-homing extension to IKEv2 (i.e., MOBIKE) support is exchanged between the two endpoints during the initial tunnel establishment. IKEv2 messages are typically used to convey control plane messages (e.g., Dead Peer Detection, Rekey, etc.), and ESP messages are used to convey data plane messages.